Threatpost reports that the REvil ransomware threat group, also known as the Sodinokibi ransomware gang, claimed to have compromised a total of nine organizations in the U.S., Europe, Africa and Mexico in the last two weeks. Researchers with eSentire analyzed the group’s claims and stated that the affected organizations included an insurance company, a construction firm, an architectural company, two law firms and an agricultural co-op in the U.S.; a manufacturer in Europe; and two large international banks in Africa and Mexico. “These attacks come directly on the heels of an extensive and well-planned drive-by-download campaign, which was launched in late December. This malicious campaign’s sole purpose is to infect business professionals’ computer systems with the … ransomware, the Gootkit banking trojan or the Cobalt Strike intrusion tool,” said Rob McLeod, senior director of eSentire’s Threat Response Unit. According to researchers, the cybercriminals posted on underground forums the documents which supposedly were from these organizations’ computer systems, including partial customer lists, customer quotes, company computer file directories and contract copies.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
The surge comes after malicious actors impersonated well-known brands, such as Adobe Reader and Microsoft Teams, to deliver numerous malware strains, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer and Vidar.
At least 1,200 Redis database servers worldwide have been compromised by a sophisticated piece of malware since September 2021, while more than 2,800 uninfected servers remain at high risk of exploitation.